Codebreaking: A Practical Guide

Code Breaking

Bottom Line

I don't recommend this nonfiction book for the Cybersecurity Canon Hall of Fame, but if you are interested in the topic, this is a good one to read.


I typically encounter two camps of readers when it comes to technical books. There's the "just tell me How exactly to accomplish this" angle - perhaps you're trying to become a stronger cybersecurity analyst and you want the nuts-and-bolts instructions to tear apart a specific type of malware, or identify an adversarial team when it leaves behind certain indicators of compromise (IOCs), or, on a bigger scale, maybe you want to build out a security operations center (SOC) from scratch.

And then there is the second camp, readers who may be seeking more foundational knowledge mixed in with extra color/context about the subject at hand. These readers tend to be focused on asking the question "help me understand the Why along with the How." Sometimes that extra context includes nominally non-technical stories about specific incidents, even historical background which helps explain why a tool, a technique or even an industry evolved the way it did.

And every once in a while, you find a single book which should satisfy both camps, which brings us to Codebreaking: A Practical Guide. While knowledge about breaking codes and ciphers lives in the realm of cryptanalysis (as strictly defined), this resource is much more than a codebreaking guide - it is a very readable broader snapshot of the world of cryptology as a whole, which encompasses the making and breaking of codes and ciphers, as well as its history, people and machines. 

This content is structured to start with enciphering and encoding techniques (from easy-to-break to progressively harder) and weaves in real-world examples, complete with associated context and stories - each chapter is devoted to a specific encipherment technique, describing how it works, how to detect it, and how to break it.

The authors start with probably the best-known example of a cipher, the Caesar cipher, where each letter is shifted by a set number of positions. This chapter, like the others that follow it, reviews the specific technique and then clearly shows real-world success stories where the encrypted content was successfully decrypted. This chapter also includes challenges or exercises for the would-be codebreaker, and later chapters add postscripts outlining still-unsolved cryptograms out there today - perhaps you are up to the challenge?

From there, what might otherwise be a dry review of different encipherment techniques and categories across the subsequent chapters (substitution, homophonic, polyalphabetic, transposition and others) is enlivened with multiple examples. Want the backstory around the WWI Zimmermann Telegram and how it came to be decoded? How about Allied use of "code talkers" in both WWI and WWII, and German WWII use of the most famous encryption machine in history, the Enigma? It is not a surprise to see many of these stories relate to wartime codebreaking.

But there are so many other examples which might not be so obvious. From the diary of the author Beatrix Potter, to the letters authored by the Zodiac Killer in the late 1960s, to the remarkable husband-and-wife codebreaking team of Elizebeth Smith Friedman and William Friedman and their encrypted Christmas cards and carved inscription on their shared headstone, to the most famous unsolved cryptogram, the Voynich manuscript, each chapter's nominal cipher category includes many examples where you can see and think about how the technique to both encipher and decipher can be applied. There are even examples pulled from the world of fiction (work by Edgar Allan Poe, Arthur Conan Doyle, Dan Brown, and even the movies National Treasure: Book of Secrets and Star Wars).

One delightful topic definitely new to me: the presence of encoded newspaper advertisements in late-nineteenth-century London newspapers - excellent real-world examples of how to communicate a message confidentially across a public medium. Many of these ads contain love messages, but others are business-focused, where confidential information is being sent to customers or partners by private investigators and other entities.

What makes this book an especially rich resource are the accompanying images: the book is profusely illustrated with more than 250 black & white photos, diagrams, and screenshots, all of which directly support the technique or history being covered in the text.

Codebreaking: A Practical Guide is definitely Cybersecurity Canon-worthy - but I'm not recommending it for the Hall of Fame. While an understanding of cryptography is important for anyone in the cybersecurity world, the single best resource for this topic is Kahn's The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet (first published over fifty years ago) - but I will point out that it's also a dense and intense 1,164 page commitment!

When compared to Kahn's master reference on this topic, a gentler and highly recommended alternative introduction is Singh's The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography, or its translated-to-television derivative The Science of Secrecy: The History of Codes and Codebreaking (a BBC Channel 4 series and companion book, perhaps an even easier way to soak up an introduction to the topic) - but if you are an aspiring codebreaker with a healthy respect for and interest in history, start here instead with Codebreaking: A Practical Guide (as well as its dedicated website) - you won't be sorry. Readable, practical, and charming.